block/compat_ioctl: fix range check in BLKGETSIZE

Message ID 20180406222350.174104-1-khazhy@google.com (mailing list archive)
State New, archived

Commit Message

Khazhy Kumykov April 6, 2018, 10:23 p.m. UTC
kernel ulong and compat_ulong_t may not be same width. Use type directly
to eliminate mismatches.

This would result in truncation rather than EFBIG for 32bit mode for
large disks.

Signed-off-by: Khazhismel Kumykov <khazhy@google.com>
---
 block/compat_ioctl.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

Khazhy Kumykov July 31, 2018, 6:23 p.m. UTC | #1
Ping?

On Fri, Apr 6, 2018 at 3:23 PM, Khazhismel Kumykov <khazhy@google.com> wrote:
> kernel ulong and compat_ulong_t may not be same width. Use type directly
> to eliminate mismatches.
>
> This would result in truncation rather than EFBIG for 32bit mode for
> large disks.
>
> Signed-off-by: Khazhismel Kumykov <khazhy@google.com>
> ---
>  block/compat_ioctl.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/block/compat_ioctl.c b/block/compat_ioctl.c
> index 6ca015f92766..3a2c77f07da8 100644
> --- a/block/compat_ioctl.c
> +++ b/block/compat_ioctl.c
> @@ -388,7 +388,7 @@ long compat_blkdev_ioctl(struct file *file, unsigned cmd, unsigned long arg)
>                 return 0;
>         case BLKGETSIZE:
>                 size = i_size_read(bdev->bd_inode);
> -               if ((size >> 9) > ~0UL)
> +               if ((size >> 9) > ~((compat_ulong_t)0UL))
>                         return -EFBIG;
>                 return compat_put_ulong(arg, size >> 9);
>
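Review bot: the new bound on the `+` line carries no comment explaining why the limit is the compat width rather than the kernel's own `unsigned long`, so a later cleanup could plausibly "simplify" it back to `~0UL`. Since the value goes straight into `compat_put_ulong(arg, size >> 9)` two lines down, a one-line comment above the `if` saying that the sector count must fit in the 32-bit caller's ulong would document the intent. The commit message could also state explicitly that the truncation it mentions is the behaviour of the old `~0UL` check, not of the patched code.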
> --
> 2.17.0.484.g0c8726318c-goog
>
Jens Axboe Aug. 2, 2018, 9:31 p.m. UTC | #2
On 4/6/18 4:23 PM, Khazhismel Kumykov wrote:
> kernel ulong and compat_ulong_t may not be same width. Use type directly
> to eliminate mismatches.
> 
> This would result in truncation rather than EFBIG for 32bit mode for
> large disks.

Sorry for not getting to this. Applied, thanks.

Patch

diff --git a/block/compat_ioctl.c b/block/compat_ioctl.c
index 6ca015f92766..3a2c77f07da8 100644
--- a/block/compat_ioctl.c
+++ b/block/compat_ioctl.c
@@ -388,7 +388,7 @@  long compat_blkdev_ioctl(struct file *file, unsigned cmd, unsigned long arg)
 		return 0;
 	case BLKGETSIZE:
 		size = i_size_read(bdev->bd_inode);
-		if ((size >> 9) > ~0UL)
+		if ((size >> 9) > ~((compat_ulong_t)0UL))
 			return -EFBIG;
 		return compat_put_ulong(arg, size >> 9);
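Review bot: in `if ((size >> 9) > ~((compat_ulong_t)0UL))` the complement is taken after the cast, so the result is the type's maximum only if `compat_ulong_t` is unsigned and at least as wide as `int`; for a narrower type `~` would operate on the promoted `int` and yield -1. The `UL` suffix is also redundant under the cast. Writing the bound as `(compat_ulong_t)~0UL` complements first and truncates second, which gives the maximum value regardless of how the compat type is defined on a given architecture, and keeps the "return -EFBIG instead of truncating" guarantee tied to the same type that `compat_put_ulong()` writes.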